PUP.Optional.Spigot in Mozilla AppData folder.

[edwardBe]

With the help of this forum, I managed to get Chrome cleaned up, but now I'm having problems with FireFox.

Each night Malwarebyes scans my computer and each morning reports this:

File: 1
PUP.Optional.Spigot, C:\USERS\EDWARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M4J6RMYY.DEFAULT\PREFS.JS

I quarantine and then delete the file and yesterday I deleted the file prefs.js itself, but it was recreated although I didn't restart FireFox.

I went into the Profiles folder and opened profiles.ini which shows this:

[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=1
Path=Profiles/m4j6rmyy.default
Default=1

I have no idea where this profile came from, but I suspect it is created by Spigot and keeps recreating prefs.js which recreates the Spigot file all over again.

This isn't a major problem, but it is annoying to get this message every morning and have to spend a few minutes quarantining and removing the file, although I guess I could ignore it...

The previous cleaning used FRST64 and AdwareCleaner, but they didn't find this for some reason. Should I rerun them?

Thanks again for all the help.

[kevinf80]

Hello edwardBe and welcome back to Malwarebytes,

I worked with you last time here at Malwarbytes and thought your system was back to normal. Before looking any further make a clean install of Firefox, see if that helpsss

Make a "Clean" install Firefox: Use the following link for instructions how to back up your bookmarks, same link can be used to import saved Bookmarks: https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer Next, Remove all synced data from Firefox to stop possible re-infection or exploitation. https://support.mozilla.org/en-US/questions/1037353 Next, Go here: http://www.mozilla.org/en-US/ download save the latest version of Firefox.. We will install this later... Next, Lets totally remove Firefox and start over. Go here: https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer and follow those instructions... Ensure when the uninstall completes to navigate to and delete the firefox installation folder (if present): (32-bit Windows) C:\Program Files\Mozilla Firefox (64-bit Windows) C:\Program Files (x86)\Mozilla Firefox It is essential the installation folder is removed. Re-boot your system when that is completed.... Next, To remove all remaining data and profile information... Press "Windows key + R" to open the Run box In the Run box, type in or copy and paste %APPDATA% Click OK. A Windows Explorer window will appear. In this window, choose/open in succession Mozilla > Firefox > Profiles. Select Delete on each entry in reverse, eg Profiles > Delete. Firefox > Delete. Mozilla > Delete. Re-boot your system when complete! Next, Use the Mozilla Firefox installer to reinstall your Browser.... When Firefox is installed and open select these keys together :- Ctrl - Shift - A that will access Addons manger, this gives access to find addons/extensions, use, start, stop or disable those features etc.... With addons manager open select "Extensions" then type or copy paste uBlock Origin into the search box, hit return. Install that extension...   Does Firefox now work satisfactory...?   Thanks, Kevin

[edwardBe]

Thanks again, Kevin. I'm getting a message that I need permission from the computer's administrator to delete the files/folders in Roaming\Mozilla  even though I am the administrator.

[kevinf80]

Can you list full navigation address for each folder..

[edwardBe]

C:\Users\Edward\AppData\Roaming\Mozilla\Firefox\Profiles\m4j6rmyy.default This last folder I can't open or delete due to the permissions. I was able to open it yesterday when I started this post.

[kevinf80]

Download BlitzBlank from here: http://www.bleepingcomputer.com/download/blitzblank/dl/108/ and save it to your desktop. Right click on Blitzblank.exe select "Run as Administrator" Click OK at the warning (and take note of it, this is a VERY powerful tool!). Click the Script tab and copy/paste the following text there: DeleteFolder: C:\Users\Edward\AppData\Roaming\Mozilla Click Execute Now. An alert will ask "You are about to delete files, are you sure to proceed" Select OK to proceed A system reboot warning will open, it will say "Please close all running applicatons to avoid data loss" Select OK to proceed Your computer will need to reboot in order to do the fixes When done, post me the report created by Blitzblank. you can find it at the root of the drive Normaly C:\

[edwardBe]

Okay the mozilla folder is gone. I forgot to mention because I forgot about it, but I have been running an older version of FireFox because the bookmarks toolbar I have been using is not compatible with the latest version, or it wasn't the last time I checked.

[kevinf80]

Will Firefox install, (whichever version you need) and work normally for you. When complete run Malwarebytes scan, post the produced log..

[edwardBe]

It took some time to do it all. Norton had some issues that required a restart which hung, so I had to power off the computer manually, but everything seems fine, now. I can access the Mozilla folder under the Roaming folder. The MB scan was negative, but I guess I will have to wait for the results of the overnight scan tomorrow morning to see if the Spigot stuff is truly gone. Thanks again.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/26/18
Scan Time: 12:11 PM
Log File: f1efb50c-c1bf-11e8-b595-54ab3ac4e8f8.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7027
License: Premium

-System Information-
OS: Windows 10 (Build 17134.285)
CPU: x64
File System: NTFS
User: HOMER-VI\Edward

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 327708
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 17 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

[kevinf80]

Hello edwardBe,

I`ll just leave your thread open, post back after a day or so let me know how your PC responds..

Regards,

Kevin

[edwardBe]

Okay, thanks again.

[edwardBe]

Nothing this morning, thanks, again.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/27/18
Scan Time: 2:25 AM
Log File: 3e5f1550-c237-11e8-b7b5-54ab3ac4e8f8.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7039
License: Premium

-System Information-
OS: Windows 10 (Build 17134.285)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 327147
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 49 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

[kevinf80]

Thanks for the update edwardBe, good to hear your issue has cleared. Run the following to clean up...

Download "Delfix by Xplode" and save it to your desktop. Or use the following if first link is down: "Delfix link mirror" If your security program alerts to Delfix either, accept the alert or turn your security off. Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator Make Sure the following items are checked:   Remove disinfection tools <----- this will remove tools we may have used. Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created. Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this. Any remnant files/logs from tools we have used can be deleted… Next, Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/ Read the following links to fully understand PC Security and Best Practices, you may find them useful.... Answers to Common Security Questions and best Practices Do I need a Registry Cleaner? Take care and surf safe Kevin...

[kevinf80]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks